Ruby InfoSec

Dozens of Ruby-related CVEs have been caused by user input being passed to the top-level Kernel.open() method, which not only accepts paths or URIs (if open-uri has been loaded), but also "|command-here" commands which are then opened using IO.popen() resulting in Remote Command Execution (RCE) vulnerabilities. In the next minor Ruby version (3.3.0) a deprecation warning will be printed if a "|command-here" input is given to Kernel.open(). Hopefully, in Ruby 4.0 this insecure feature will be removed.

You may have recently read a news story about how a typo in a US military email address (@.mil -> @.ml) accidentally caused sensitive military secrets to be sent to a similar Mali email address for years.

What if I told you, you could use Ronin to find all of the one-character-missing valid typos for all of the TLDs?

Checkout what new features were added in ronin-code-sql 2.1.0. Using ronin-code-sql you can generate complex and obfuscated SQL injections (SQLi).

A quick reference cheat sheet on how to port pwnlib code to Ronin.

A quick reference cheat sheet on how to port Python code to Ruby/Ronin code.

A multi-part guide on how to write quick Ruby scripts using the ronin-support library. ronin-support is sort of like activesupport meets Python's pwnlib, but in Ruby.

A step-by-step guide explaining how to port a Metasploit Exploit to Ronin Exploits. Ronin Exploits is a simpler, more Object Orientated, micro-framework for writing and running exploits.

Ever wanted to know more about the Ronin CLI, how to use ronin-repos or ronin-db, how to write Ruby scripts using ronin-support, or how to port Metasploit Payloads to ronin-payloads? We now have eight new Guides on those topics. Check it out!